Changes the password for an existing Cirro user.


ALTER USER 'userName' IDENTIFIED BY 'password';

ALTER USER 'targetuser' LIKE 'sourceuser' EXCLUDE options;


  • ‘userName’: The name of the existing user. Optionally, enclose in single quotes. If the logged in user is changing their own password, username can be omitted.

  • LIKE: Allows duplication of ‘sourceuser’ roles and privileges in ‘targetuser’ account. Requires COPY USER privilege. If used, this must precede any other commands.

  • IDENTIFIED BY ‘password’: Sets ‘password’ to access the account. Always enclose the password in single quotes.

  • VALUES GENERATE_PASSWORD: Generates a random character password. See GENERATE_PASSWORD

  • EMAIL ‘’: the email address for the user account. Cirro sends a message to this user containing any of password, one time password link to QR code for Authenticator app setup, or two factor authentication link to Duo or Saaspass.

  • AUTHENTICATED BY method: Sets authentication method. Default is cirrootp (cirro one-time-password). Requires email address so user can receive account details.

  • OPTIONS (SECRET ‘HXDMVJECJJWSRB3HWIZR4IFUGFTMXBOZ’): A 32 character 160 bit number formatted using base 32. This is generated outside Cirro by the secure application of your choice.

  • WITHOUT options: exclude three options from any LIKE clause: DATABASE CREDENTIALS, ROLES or PRIVILEGES.

Additional Information

  • This statement may require system administrator permissions.

  • When using the LIKE command, this must precede any other commands.


Account with standard password

ALTER USER 'myUser1' IDENTIFIED BY 'p@sswOrd';

Account duplicating another with standard password, email address but no privileges


See also